@LCMark: Hi Mark, thank you for replay. The application that we are developing for some_big_company required some technical solutions to pass the security test.

I read your answer about Code Obfuscation too. This and a few other items need to be implemented on our app. If you can help me to get proper answers to this questions it will be very helpful to me. Below is the items they are interested in.

Application Misconfiguration: ARC Disabled (iOS only) - Can this be a security issue?

Application Misconfiguration: Backup Allowed (Android only) - I have set the allowBackup attribute equal to false in the AndroidManifest.xml from Livecode package. <application android:allowBackup="false" />. Will this work?

Binary Protection: Insufficient Code Obfuscation(Android only) - They are mostly interested on obfuscation of logic code to protect application from being reverse-engineered.

1) Can ARC being disabled be a security issue - no. Your app is in LiveCode, so you are not using Obj-C directly. LiveCode's automatic memory management is superior to ARC (as LiveCode is a safe language - Obj-C is not, even with ARC).

2) Backup Allowed: The Android engine does not do anything specific relating to this flag. It sounds like turning this off means that it turns off something which the Android environment allows; so I think you should be okay.

3) Binary protection. There is no logic code in Java as your app is written in LiveCode. All the LiveCode code is double obfuscated in commercial builds if you use a password on your stackfiles (the password protection is the first level, the second is an extra layer of obfuscation applied when the standalone is built).

4) Jailbroken devices: We will need to investigate how to detect this!